Merge remote-tracking branch 'origin/master' into splitting5
github-actions[bot] committed Jun 12, 2024
2 parents 57dbbd0 + 8b7e7fa commit 8f7261e
Showing 369 changed files with 20,102 additions and 7,820 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/runAsimSchemaAndDataTesters.yaml
@@ -37,7 +37,7 @@ jobs:
persist-credentials: false # otherwise, the token used is the GITHUB_TOKEN, instead of your personal access token.
fetch-depth: 0 # otherwise, there would be errors pushing refs to the destination repository.
- name: Login to Azure Public Cloud with AzPowershell
uses: azure/login@v1
uses: azure/login@v2
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
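--- a/.script/dataConnectorValidator.ts
+++ b/.script/dataConnectorValidator.ts
@@ -144,6 +144,10 @@ function getConnectorCategory(dataTypes : any, instructionSteps:[])
 {
 return ConnectorCategory.CybleThreatIntel;
 }
+else if (dataTypes[0].name.includes("IndicatorsOfCompromise"))
+{
+return ConnectorCategory.CrowdStrikeFalconIOC;
+}
 return "";
 }
 let fileTypeSuffixes = ["json"];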
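Review bot: The new `else if` in getConnectorCategory matches on the substring `IndicatorsOfCompromise`, which is a generic threat-intel term rather than a CrowdStrike-specific table name. Any connector whose first data type name contains it would be categorised as `CrowdStrikeFalconIOC` and validated under that category. An exact comparison such as `dataTypes[0].name === "<CrowdStrike IOC table name>"` (placeholder; the real table name is not shown on this page) would stop a later connector from being silently misclassified. The branch also reads `dataTypes[0].name` without guarding against an empty `dataTypes` array or a missing `name`. That appears to follow the earlier branches, which start outside this hunk, so a single guard at the top of the function may be the better place for it.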
@@ -0,0 +1,49 @@
{
"Name": "BitwardenEventLogs_CL",
"Properties": [
{
"name": "TimeGenerated",
"type": "Datetime"
},
{
"name": "eventType",
"type": "int"
},
{
"name": "itemId",
"type": "string"
},
{
"name": "collectionId",
"type": "string"
},
{
"name": "groupId",
"type": "string"
},
{
"name": "policyId",
"type": "string"
},
{
"name": "memberId",
"type": "string"
},
{
"name": "actingUserId",
"type": "string"
},
{
"name": "installationId",
"type": "string"
},
{
"name": "device",
"type": "int"
},
{
"name": "ipAddress",
"type": "string"
}
]
}
@@ -0,0 +1,17 @@
{
"Name": "BitwardenGroups_CL",
"Properties": [
{
"name": "TimeGenerated",
"type": "Datetime"
},
{
"name": "groupId",
"type": "string"
},
{
"name": "name",
"type": "string"
}
]
}
@@ -0,0 +1,25 @@
{
"Name": "BitwardenMembers_CL",
"Properties": [
{
"name": "TimeGenerated",
"type": "Datetime"
},
{
"name": "memberId",
"type": "string"
},
{
"name": "userId",
"type": "string"
},
{
"name": "email",
"type": "string"
},
{
"name": "name",
"type": "string"
}
]
}
@@ -0,0 +1,98 @@
{
"Name": "CommvaultSecurityIQ_CL",
"properties":
[
{
"Name": "anomaly_sub_type_s",
"Type": "String"
},
{
"Name": "created_files_count_s",
"Type": "String"
},
{
"Name": "deleted_files_count_s",
"Type": "String"
},
{
"Name": "description_s",
"Type": "String"
},
{
"Name": "external_link_s",
"Type": "String"
},
{
"Name": "files_list_s",
"Type": "String"
},
{
"Name": "job_end_time_s",
"Type": "String"
},
{
"Name": "job_id_s",
"Type": "String"
},
{
"Name": "job_start_time_s",
"Type": "String"
},
{
"Name": "originating_client_s",
"Type": "String"
},
{
"Name": "scanned_folder_list_s",
"Type": "String"
},
{
"Name": "severity_s",
"Type": "String"
},
{
"Name": "subclient_id_d",
"Type": "Real"
},
{
"Name": "user_id_d",
"Type": "Real"
},
{
"Name": "username_s",
"Type": "String"
},
{
"Name": "Computer",
"Type": "String"
},
{
"Name": "ManagementGroupName",
"Type": "String"
},
{
"Name": "MG",
"Type": "Guid"
},
{
"Name": "RawData",
"Type": "String"
},
{
"Name": "SourceSystem",
"Type": "String"
},
{
"Name": "TenantId",
"Type": "Guid"
},
{
"Name": "TimeGenerated",
"Type": "Datetime"
},
{
"Name": "Type",
"Type": "String"
}
]
}
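Review bot: The key casing in this schema differs from the Bitwarden schema files added in the same commit: here the column list is under `"properties"` with `"Name"`/`"Type"` entries and values like `"String"`, while the Bitwarden files use `"Properties"` with `"name"`/`"type"` and `"string"`. If the tester that loads these custom-table schemas is case-sensitive (not visible on this page), one of the two shapes could be read as a table with no columns. The schema check would then pass without comparing anything. It is worth confirming which shape the loader expects and normalising the other files to it, so that a malformed schema fails loudly instead of being skipped.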
@@ -47,6 +47,7 @@
"CEF",
"CheckPoint",
"CiscoASA",
"CiscoAsaAma",
"CiscoDuoSecurity",
"CiscoFirepowerEStreamer",
"CiscoISE",
@@ -239,5 +240,7 @@
"InfobloxSOCInsightsDataConnector_Legacy",
"InfobloxSOCInsightsDataConnector_AMA",
"NetskopeDataConnector",
"NetskopeWebTransactionsDataConnector"
"NetskopeWebTransactionsDataConnector",
"CefAma",
"WindowsFirewallAma"
]
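--- a/.script/utils/dataConnector.ts
+++ b/.script/utils/dataConnector.ts
@@ -211,5 +211,6 @@ export enum ConnectorCategory {
 PowerBIActivity="PowerBIActivity",
 SecurityAlertOATP="SecurityAlert(OATP)",
 SecurityAlertASC="SecurityAlert(ASC)",
-CybleThreatIntel="CybleThreatIntel"
+CybleThreatIntel="CybleThreatIntel",
+CrowdStrikeFalconIOC="CrowdStrikeFalconIOC"
 }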